VulnerableCode Package Details - pkg:maven/org.springframework.security/spring-security-core@5.0.5.RELEASE

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:maven/org.springframework.security/spring-security-core@5.0.5.RELEASE

Essentials
History (5)

purl	pkg:maven/org.springframework.security/spring-security-core@5.0.5.RELEASE

Next non-vulnerable version	5.0.12
Latest non-vulnerable version	7.0.5
Risk	4.0

Vulnerabilities affecting this package (4)

Vulnerability	Summary	Fixed by
VCID-2fan-h878-8faj Aliases: CVE-2020-5408 GHSA-2ppp-9496-p23q	Use of Insufficiently Random Values Spring Security uses a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has been encrypted using such an encryptor may be able to derive the unencrypted values using a dictionary attack.	5.0.16 Affected by 0 other vulnerabilities. 5.0.16.RELEASE Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 5.1.10 Affected by 0 other vulnerabilities. 5.1.10.RELEASE Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 5.2.4 Affected by 0 other vulnerabilities. 5.2.4.RELEASE Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 5.3.2 Affected by 0 other vulnerabilities. 5.3.2.RELEASE Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-3p1k-4ges-1fev Aliases: CVE-2019-3795 GHSA-v2r2-7qm7-jj6v	Insufficient Entropy in PRNG Spring Security contain an insecure randomness vulnerability when using `SecureRandomFactoryBean#setSeed` to configure a `SecureRandom` instance. In order to be impacted, an honest application must provide a seed and make the resulting random material available to an attacker for inspection.	5.0.12 Affected by 0 other vulnerabilities. 5.0.12.RELEASE Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 5.0.13.RELEASE Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 5.1.5 Affected by 0 other vulnerabilities. 5.1.5.RELEASE Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 5.1.6.RELEASE Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-jasw-zntp-nkdd Aliases: CVE-2018-1258 GHSA-cxrj-66c5-9fmh	Incorrect Authorization Spring Framework when used in combination with Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.	5.0.6.RELEASE Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-vh4r-sk3t-eqe3 Aliases: CVE-2021-22112 GHSA-gq28-h5vg-8prx	privilege escalation	5.2.9 Affected by 0 other vulnerabilities. 5.2.9.RELEASE Affected by 0 other vulnerabilities. 5.3.9 Affected by 0 other vulnerabilities. 5.3.9.RELEASE Affected by 0 other vulnerabilities. 5.4.4 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-04T20:45:17.884590+00:00	GitLab Importer	Affected by	VCID-vh4r-sk3t-eqe3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework.security/spring-security-core/CVE-2021-22112.yml	38.6.0
2026-06-04T20:30:25.578808+00:00	GitLab Importer	Affected by	VCID-2fan-h878-8faj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework.security/spring-security-core/CVE-2020-5408.yml	38.6.0
2026-06-04T20:20:29.836205+00:00	GitLab Importer	Affected by	VCID-3p1k-4ges-1fev	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework.security/spring-security-core/CVE-2019-3795.yml	38.6.0
2026-06-04T18:24:30.488728+00:00	GHSA Importer	Affected by	VCID-3p1k-4ges-1fev	https://github.com/advisories/GHSA-v2r2-7qm7-jj6v	38.6.0
2026-06-02T04:37:41.466757+00:00	GitLab Importer	Affected by	VCID-jasw-zntp-nkdd	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework.security/spring-security-core/CVE-2018-1258.yml	38.6.0